|
|
|
|
|
|
by someguy2018
2974 days ago
|
|
|
They're responsible for whatever user monitoring their third-party ecommerce platform does, right? All the ones I've seen process and retain user data. And maybe their web analytics, A/B testing, email newsletter tracking, etc. If your point is that static brochureware sites that don't target EU members at all and don't do anything interesting on the web probably don't have much to worry about... then I agree, but I don't think that's very insightful. Your earlier comment said that GDPR required "at least some active targeting of EU users." But a less contrived example, say a US-based SaaS that accepts credit card payments, probably needs to be very worried about GDPR even with absolutely no active targeting of EU users. |
|
|
Obviously each case should be dealt with on its own facts to assess the application of GDPR. In the example you give, GDPR may well apply. Some companies may be worried, others may see it as an opportunity.
I know lots of US SaaS companies are embracing GDPR rather than being worried about it. Clearly if you are looking to get business from EU customers but want to argue GDPR doesn’t apply due to the fact you are not strictly speaking targeting EU users then that might present an issue for certain potential EU customers (or maybe they could offer a cost discount because they haven't had to go through a GDPR compliance exercise). On that basis lots of companies outside the EU are pro-actively looking to comply with GDPR.
Arguments over the appropriateness of extra-territoriality applicability are a separate matter of course!